By default, event logging for the OAL Generator is set to the lowest level. To see why some entries are skipped by the OAL Generator, the event logging level must be set to at least Medium. One way to do this is with PowerShell:
Set-EventLogLevel -Identity "ExchangeServerName\msexchangesa\oal generator" -Level Medium
Setting the logging level to Medium for the OAL gener…

This is a quick post for reference, intended to show how to manage a user's calendar permissions in Exchange 2010. Four PowerShell cmdlets are available for this task:
Get-MailboxFolderPermission
Add-MailboxFolderPermission
Set-MailboxFolderPermission
Remove-MailboxFolderPermission
For example, to list (get) the calendar permissions assigned on user Jane.Doe, here is the syntax:
Get-MailboxFolderPermission -identity jane.doe:\calendar
To assign John.Doe Reviewer permission on Jane.Doe's calendar (John does not have any permission on Jane's calendar):
Add-MailboxFolderPermission -identity jane.doe:\calendar -user "John Doe" -AccessRights Reviewer
To modify the permission already assigned to John Doe on Jane Doe's calendar from Reviewer to Editor:
Set-MailboxFolderPermission -identity jane.doe:\calendar -user "John Doe" -AccessRights Editor
And finally, to remove the permission already added for John Doe on Jane Doe's calendar:
Remove-MailboxFolderPermission -identity jane.doe…

In this case my friend's "oldie" phone, a Nokia E72, stopped synchronizing emails using ActiveSync. He was also unable to access his mailbox using the Outlook Web Access link.
The reason for this behavior was that the company's IT had replaced the expiring certificate with a new one (nothing odd here), but the new certificate used the sha256RSA signature algorithm. The Nokia E72 was unable to access https web sites secured with sha256 certificates.
Fortunately, there is a fix which enables the Nokia E72 to successfully access https web sites secured with sha256 certificates. You can download this fix from http://dl.nokia.com/ns/symfix/networking_improvements.SIS .

After installing this fix for Symbian, my friend was able to synchronize email using ActiveSync again, and started to open https web pages secured with sha256 certificates.

Remote Desktop Connection Manager (RDCMan) 2.7 is finally publicly available. For those who have never used RDCMan, it's probably the best tool for managing multiple remote desktop connections, and it's free.
You can download the installation package from Microsoft Download Center http://www.microsoft.com/en-us/download/details.aspx?id=44989 .

Here are the new features:
Virtual machine connect-to-console support
Client size options come from the application config file (RDCMan.exe.config) rather than being hard-coded.
View.Client size.Custom menu item shows the current size
View.C…

In this case I was experiencing VSS error events in the application event log on one of the file servers. The related logged events contained error information with the associated Volume GUID instead of the mount point (drive letter). Here is an example of the error event:
Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out. Error context: DeviceIoControl(\\?\Volume{GUID}
Since this error event was generated on file server with bunch of disk drives, I was wondering which mount point (drive letter) was associated with this Volume Guid.
One way to achieve this task was to run mountvol.exe without any switches. The output from this command looks like this:

Also, from Run dialog:

I could browse the contents of the drive, and figure out the drive letter.
Browsing the contents using Volume Guids from command prompt using dir requires additional backslash "\" at the end:

Another way is by comparing values in Registry in HKLM\System\MountedDevi…

TechEd 2014 Europe (Barcelona) finished yesterday, and if you were at the last session on Friday, Case of the Unexplained: Troubleshooting with Mark Russinovich, you could hear that it was his last session on TechEd ... Ever ...
Is TechEd dead? No, according to Microsoft. TechEd lives on, but as part of a new unified Microsoft commercial technology event. This event for the 2015 calendar for the US is scheduled for May in Chicago and is known as Microsoft Ignite.
Until now, there are no announcements for such Microsoft's premier IT Pro conference for Europe, but let's hope that there will be one, because TechEd was a great place to explore Microsoft's solutions for delivering innovation and productivity for enterprises.

If you're an MCT, check out the latest promotion from Microsoft Learning on http://borntolearn.mslearn.net/goodstuff/p/mctchallenge.aspx . The Free Exam Vouchers Offer is valid until 30.11.2014, with up to 10000 vouchers distributed worldwide, and a voucher may be redeemed to take any MCP Exam !!!
For the best MCTs there are special prizes like Surface Pro 3 and XBOX One !

Also, if you want to become an MCP, check out the latest promotion from Microsoft Learning on http://borntolearn.mslearn.net/goodstuff/p/mcp.aspx . There is a free exam vouchers offer for Azure Exams and Office 365 Exams. The offer is valid until 31.12.2014, with up to 10000 vouchers distributed worldwide.

I have uploaded short videos on YouTube about:
Installing Windows 10 Technical Preview on Hyper V : http://youtu.be/7HXhor5vM_U . This video covers: download location of the Windows 10 Hyper V VM provisioning and installation of the Windows 10
Windows 10 Technical Preview Features : http://youtu.be/hlL06fy2vU0 . This video covers:
Introduction of the "new" Start Menu (Resize, Drag and drop, Add Recycle bin to start menu, Change the size of the tiles, Turn live tile (on|off), Switch between Start Menu and Start Screen)
Operating System version
Introduction of the new experimental tab on command prompt properties, from where the opacity of the window can be changed (for example), new features for selecting text, CTRL+C, CTRL+V .
PowerShell version
Internet Explorer version
Virtual desktops (create, delete, switch)
"New" applications run in window mode
I've added some annotations during video playback, so recommended view of the videos is from desktop.

Last week Microsoft made publicly available for download technical preview version of the next generation of client, server and system center products. Official names for the server and system center are not revealed, and they are available as Windows Server Technical Preview and System Center Technical Preview, while for the client Windows 10 will be the name of the operating system.

This is a quick one for reference: here is an example of how to find the currently logged-on user on a remote or local computer (administrative permission is required for querying a remote computer) using a PowerShell one-liner:

Get-WmiObject Win32_ComputerSystem -ComputerName <remote computer name or IP address> | Select-Object UserName
For finding out the currently logged on user, WMI and Win32_ComputerSystem class is used. Win32_ComputerSystem class has username property which contains the currently logged on user. For more information about Win32_ComputerSystem class please check the MSDN article http://msdn.microsoft.com/en-us/library/aa394102(v=vs.85).aspx .

My first thought was to find out the currently logged on user, but what about the users that are logged on and are switching between their profiles ? That's when the things get complicated. Anyway, here is PowerShell script which will list logged on users on remote or local machine, even if they are switching between profiles on…

In this case, a friend of mine was complaining that for some reason he was unable to sign documents on a web site which requires him to prove his identity with certificates stored on a token. The client operating system was Windows 8. Instead of a popup for the token PIN, there was an error message (WinCAPICryptoProvider() - Error obtaining generating internal key store for PROV_RSA_FULL):

I was suspecting that something was wrong with user's certificate. Certmgr.msc and personal folder was showing his certificates, and all of them were having the private key. Since all of the certificates were stored on a token, I have deleted all the certificates from the personal certificates store. After reinserting the usb token, certificate propagation service has successfully copied certificates from the token into user's certificate personal store. I was hoping that the problem has been successfully solved, but the same message from internet explorer has popped out, and he was unable to sign the…

In this case, if you're still using TMG 2010 as proxy server with HTTPS Inspection option enabled, users may experience blank page when accessing https web sites with CNG certificates (for example: coursera, booking, sendspace, dropbox, twitter ...) . The reason for this behavior is that default self signed certificate (or the certificate issued by CA) which is used by the TMG for HTTPS inspection feature is not compatible with suite B certificates. For more info about the CNG certificates please check http://technet.microsoft.com/en-us/library/cc730763(v=ws.10).aspx .

You can check TMG logs to see if you're experiencing this behavior by creating filter (for example: looking for http status code 0x8009000a in last hour ) :

To avoid this behavior change the certificate used by TMG HTTPS Inspection with CNG certificate (self signed or issued by CA). This certificate must be trusted by clients. For more info about this behavior and a script for creating self signed CNG certifica…

Running the setup from Office 2010 installation CD, the installer was not detecting the old installation of Office 2010, and was trying to install new Office 2010 suite, but was failing with following error "Microsoft Office 2010 Professional encountered an error during setup" :

The error message is generic and not so descriptive, but fortunately Microsoft has published the following KB927153 article. Following the instruction from article, has successfully solved the prob…

A colleague of mine was complaining that he had to install the same update every day on his workstation. Every time he clicked to install the update, the same update was offered for installing again and again. The "problematic" update was KB954430 Security Update for Microsoft XML Core Services 4.0 Service Pack 2. Microsoft has published an article for resolving this kind of behavior in the following KB 941729.
By following the instructions, which consist of renaming msxml4.dll and installing the latest MSXML security update, the annoying behavior of reinstalling the same update KB954430 again and again has been successfully resolved.

In this case, a domain joined workstation with the Windows 7 operating system was failing to register itself on a new WSUS server. Settings for the new WSUS server were entered into the domain GPO. I tried to refresh the settings with gpupdate /force. But the command was failing to apply computer settings from the domain GPO, with the following error message:
Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
The output from Gpresult /h gpresult.html was showing failed status for Registry in component status:

Error event was logged into System event log with ID 1096 and same description:

The processing of Group Policy failed. Windows could not apply the registry-based…

In this case, a colleague of mine was complaining that her workstation was running very slow even though the workstation's memory had been upgraded. Since the term "running slow" is very relative, I needed info about the hardware and OS. The operating system was Windows 8.1 Enterprise x64, and the hardware was an HP ProDesk 600 G1.
The reason for this "running slow" behavior was the CPU usage of system interrupts process. 20-30% of the CPU usage was dedicated to this process all the time. From my experience the reason for this kind of behavior is hardware or driver related. The OS was fully patched with latest updates. So, I've started updating the drivers and BIOS. After updating the drivers and BIOS to the latest HP official versions the behavior was still the same, system interrupts process was holding 20-30% of the CPU. There were no pending restarts. And, the CPU usage behavior was the same on every restart. This behavior of high CPU usage from System Interrupts process…

In this case I wanted to move an Azure VM from one cloud service to another cloud service in the same Azure Subscription. Using the Microsoft Azure Web Portal this task can be achieved in the following three steps:
1. Note the disk(s) that were attached to the Azure VM, and other configuration settings like VM size, virtual network, endpoints and so on.
2. Delete the Azure VM with the option to keep the attached disks.
3. Create a new VM from Gallery, and on the first Wizard page (Choose an Image) select the MY DISKS option, and select the disk noted in the first step. Complete the wizard by assigning the VM to the new Cloud Service.
In my case the VM had a couple of additional data disk drives, and I was unable to attach them using the Azure Web Portal Create New Virtual Machine from Gallery Wizard. But this can be easily achieved using PowerShell. The script is very easy to read, and consists of:
Setting the currentStorageAccount for the Azure Subscription
Setting basic variables for the VM, like Name, disks, virtual networ…

In Microsoft Azure all created VMs have internal IP addresses assigned from DHCP server, and those IP addresses are within the defined virtual network scope if you have created virtual network. The IP address assigned by the DHCP to the Azure VM, will remain the same for the vm's lifetime as long as the VM is not in Stop (Deallocated) state. Here is output from the ipconfig /all from the Azure VM:

This means that when the VM is shut down from the operating system (you're paying for the VM in this state), it will obtain the same IP (in this example 10.0.0.5) when the VM will start up again. Also, while this VM is in Stopped state (shut down from the OS), no other VM will be offered the same 10.0.0.5 address. And here is the state of the VM from Azure Portal:

In case when you don't want to pay for the VM, you have to shut down the VM from the Azure portal or Powershell, and the VM will be in Stopped (Deallocated) state :

In this case I experienced Event ID 7036 from the Service Control Manager source with the following information:
The Software Protection service entered the running state.
This event was filling up the System event log, because the same event was generated every 30 seconds.
In my case I stopped this event from logging by starting System from Control Panel (the system was already activated), but anyway clicked View Details in Windows Activation and clicked Activate with a new key. On the Windows Activation wizard page, I clicked Cancel, and a new event with the same ID 7036 was logged, but with the information that:
The Software Protection service entered the stopped state.
After this event, there were no more events with id 7036 logged for every 30 seconds in system event log with information that software protection service entered the running state.

This is a case where Windows 7 x86 non domain workstations with SCCM 2012 R2 client installed were unable to download content from SCCM server. Network Access Account was properly configured, and the client was using it but was still unable to download content. Anonymous clients were not allowed to connect to distribution point. Here are the error messages from DataTransferService.log:

In this case I was deploying Cumulative Update 1 for SCCM 2012 R2, and the installation of the CU completed successfully, but the Application Catalog website point site system role was in status Critical. Before the installation of CU1, the Application Catalog website point was in status OK. So, the quest for why the application catalog website point was in status Critical after the installation of CU1 had begun.
I checked the log files and there were no errors in them.
All components were in status OK
There were no error messages for components
All counts were reset
System rebooted
And still the Application Catalog website point was in status Critical, even though the software center application catalog from clients was working as expected.
Finally, I reinstalled the application catalog website point system role, and mysteriously the status changed to OK.

This was an easy task that I want to share, and the request was to set the power option when the computer will go into sleep state on a list of Windows 8.1 domain computers. Most of the computers on the list were having the default option of 30 minutes for going into sleep state. And this value of 30 minutes has to be changed into 5 hours, but all computers that were having a changed default setting of 30 minutes into Never must not be set. I was using PowerShell with WMI for achieving this task. And here is the script:

In this case I was converting (P2V) HP ProLiant DL 360 G4 server with Windows Server 2003 operating system installed. The conversion has completed successfully, and the VM was running as should, but the following error events were logged in system event log on every reboot:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Description:
The cpqasm2 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Description:
The HP ProLiant System Management Interface Driver service depends on the cpqasm2 service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

A colleague of mine was complaining that he was experiencing an Access Denied message while synchronizing his folder redirected offline files on his Windows 7 laptop with the option for encrypting the offline files cache enabled, while he was able to successfully synchronize folder redirected offline files on his Windows 8.1 desktop workstation with the option for encrypting the offline files cache disabled.
The reason for this strange behavior is that Windows uses native EFS for encrypting the offline files cache. Also, for testing purposes he tried to encrypt a folder on the NTFS file system, but he was unable to do that. So, now it was easy to guess that EFS was not working as it should. After checking the Data Recovery Agent in Computer Configuration\Windows Settings\Public Key Policies\Encrypting File System in the Default Domain GPO, I noticed that the default self signed Administrator certificate for the EFS data recovery agent had expired.
Deleting this expired certificate and generatin…

Setting the default file associations for Windows 8.1 can be quite a challenge. First to note is that the User's Group Policy Preference Folder Option Open With ... setting does not work anymore. So, in order to set default file associations we have two "mechanisms" in our hands.
The first one is DISM, with a set of new options for viewing, removing, exporting and importing default file associations. The exporting and importing options use an xml file. So, after we have assigned specific application associations for certain file extensions on our reference computer, we have an option to export those settings into an xml file using DISM, for example:
Dism /Online /Export-DefaultAppAssociations:<path to xml file>\DefAppAssoc.xml
This xml file can be imported into our image file that we're using for Windows 8.1 deployment scenarios, and everyone that will logon to the operating system deployed using that "modified" image file will have the same default file asso…

When deploying Windows 8.1 x64 using SCCM 2012 R2, you may experience task sequence error 0x8007000b, if you're trying to execute for example DISM command without path information for the executable. For example, running the following task sequence command to set the default file association from xml file will fail:

dism /online /Import-DefaultAppAssociations:AppAssociations.xml
The reason for this failure is Windows redirect feature which tries to execute the 32bit version of DISM. In order to fix this behavior and run the 64bit version of DISM, sysnative function can be used. So, running the DISM like this:

In this case I was unable to connect to ILO3 on HP DL 380 G7 with Internet Explorer 11 from Windows 8.1 client workstation. ILO Firmware version was 1.20. Starting from Windows 8.1 and Internet Explorer 11 all TLS protocols are enabled and supported by default:

ILO was not falling back to a lower version of TLS if TLS 1.2 was selected. After unselecting TLS 1.2 in Internet Explorer 11, I was able to connect to the ILO interface. This issue was resolved with a later version of the ILO firmware. So, after patching the server with the latest ILO firmware, I was able to connect to the ILO3 interface using Internet Explorer 11 with TLS 1.2 selected.

On all Windows 8 and Windows 8.1 clients, Resultant Set of Policy (rsop.msc) was returning an error for the Internet Explorer Branding component like this:

And in the Group Policy event log the following event is logged, Event ID 7016:
CSEElaspedTimeInMilliSeconds 0
ErrorCode 127
CSEExtensionName Internet Explorer Branding
CSEExtensionId {A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}
The reason for this behavior is that Internet Explorer Maintenance or Internet Explorer Branding has been removed from Windows 8 and Windows Server 2012. One way to resolve this error is to remove Internet Explorer Branding Group Policy client side extension using the following Microsoft KB 2813272 .
Another way to prevent this error is to prevent all the GPOs with some Internet Explorer Maintenance configured setting from applying to Windows 8 computers. But, there is also another catch, if you reset the Internet Explorer Maintenance settings in GPO, the extensions are not removed from GPO ! There is also published article fro…

In this post I'll explain how I've managed to fix the Warning Event ID 4098 from Group Policy Internet Settings source in Application Log. The following event was logged in Application Event Log on affected machines:

The user 'Internet Explorer 10' preference item in the 'Policy Name and ID' Group Policy Object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
The reason for this access denied was because Internet Settings preference 'Internet Explorer 10' was running under user's context.

Removing the check mark from common tab for Run in logged-on user's security context (user policy option) has resolved the warning event log. Preference items created either under computer or user part of the GPO are processed under System security context. For more info about configuring common option check http://technet.microsoft.com/en-us/library/cc772371.aspx .

In this case there was an SCCM 2012R2 client that was reported as a client that failed check from All Desktop and Server clients. The error message was Failed to recreate client evaluation task :

This SCCM 2012R2 client was installed on Windows Server 2003 R2, where the local administrators had disabled some services, and among them was Task Scheduler. After setting the Task Scheduler service to Automatic and starting the service, and restarting the SMS Agent Host service, the Configuration Manager Health Evaluation task was successfully created and the client was no longer reported as a client that failed check.

In this case users were complaining that they cannot share files in a shared folder on a Windows Server 2008 R2 file server with a quota assigned on that shared folder. The shared folder had a hard quota assigned, and according to FSRM (File Server Resource Manager) Quota Management 90% was used. Here is the screenshot showing that only 10MB were available for that folder:

The dir command was running with elevated credentials, and I was getting the same output from the dir command when running under the SYSTEM account. So, I was suspecting that the quota calculation for that folder was not accurate. In order to trigger quota recalculation I was using Dirquota, with the following syntax:
dirquota quota scan /path:<Path to folder>
After running this command, FSRM Quota Management was showing that 9X% were free (instead used) and users started to share files without getting notified that they are reaching the maximum quota limit for that folder.

This is a quick one, where I wanted to add an additional keyboard layout for some users using GPO preferences. Using GPO preferences I have added the following registry key to targeted domain users:

HKEY_CURRENT_USER\Keyboard Layout\Preload\
Value Name: 2
Value type: REG_SZ
Value data: 0000042f
42F is keyboard layout for Macedonian Language and 2 for value name is keyboard preference. Additional language codes can be found in following part of registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts.

In this article I would recommend installing the KB 2879635 update for Windows Server 2012 based failover clusters that improves resiliency. This update should prevent the "notorious" event 5120 with description:
Cluster Shared Volume 'Volume1' ('name') is no longer available on this node because of 'STATUS_IO_TIMEOUT(c00000b5)'. All I/O will temporarily be queued until a path to the volume is reestablished.
from happening during backup of VMs from a Hyper V host located on a CSV volume. Note that after installing this hotfix on Hyper V hosts, you should update integration components on Windows Server 2012 based guest virtual machines running on those hosts.

In this case I wanted to unify BIOS settings (setup password and bios version) on HP Desktop Computers (DC5800, DC6000, DC6300, 600 G1). I was using SCCM 2012 R2 for operating system deployment, and in the task sequence for operating system deployment I have added steps for setting the BIOS password and updating the BIOS to latest available version for HP desktop model. For setting up the BIOS password I was using BiosConfigUtility.exe from HP sp52095.exe, and for updating the BIOS to the latest available version I was using HPQFlash which is part of BIOS update package and can be downloaded from support web page of the HP desktop model.
What I want to point out here is that a BIOS password set with numbers from the numerical part of the keyboard is not the same as when typed with the same numbers from the regular part of the keyboard. So, in my case I wanted to set the BIOS password with numbers from the numerical part of the keyboard. For example, for BIOS password I wanted to set seven, eight and nine fro…

In this case I was upgrading SCCM 2012 SP1 infrastructure to SCCM 2012 R2, and one of my tasks was to upgrade SCCM client to SCCM 2012 R2 version 5.00.7958.1000. During SCCM 2012 R2 client upgrade procedure, SCEP client upgrading is part of the upgrading process to version 4.3.220.0. SCCM 2012 R2 client together with SCEP client were upgrading without any issues on most of the clients, but there were some clients where SCCM client was successfully upgraded to R2 version, but SCEP client was still with old version. SCCM 2012 R2 console for those clients was reporting the following information: